cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 26 of 78
CVE-2021-38496 | P3 | HIGH | CVSS 8.8 | fixed in firefox 93.0-1 (sid) | 2021
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
Scope: local; sid: resolved (fixed in 93.0-1)
debian
CVE-2020-12410 | P3 | HIGH | CVSS 8.8 | fixed in firefox 77.0-1 (sid) | 2020
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Scope: local; sid: resolved (fixe
debian
CVE-2021-29985 | P3 | HIGH | CVSS 8.8 | fixed in firefox 91.0-1 (sid) | 2021
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
Scope: local; sid: resolved (fixed in 91.0-1)
debian
CVE-2021-29984 | P3 | HIGH | CVSS 8.8 | fixed in firefox 91.0-1 (sid) | 2021
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
Scope: local; sid: resolved (fixed in 91.0-1)
debian
CVE-2021-29967 | P3 | HIGH | CVSS 8.8 | fixed in firefox 89.0-1 (sid) | 2021
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
Scope: local; sid: resolved (fix
debian
CVE-2020-6805 | P3 | HIGH | CVSS 8.8 | fixed in firefox 74.0-1 (sid) | 2020
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
Scope: local; sid: resolved (fixed in 74.0-1)
debian
CVE-2020-6807 | P3 | HIGH | CVSS 8.8 | fixed in firefox 74.0-1 (sid) | 2020
When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
Scope: local; sid: resolved (fixed in 74.0-1)
debian
CVE-2020-15670 | P3 | HIGH | CVSS 8.8 | fixed in firefox 80.0-1 (sid) | 2020
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80.
Scope: local; sid:
debian
CVE-2021-38501 | P3 | HIGH | CVSS 8.8 | fixed in firefox 93.0-1 (sid) | 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Scope: local; sid: resolved (fixed
debian
CVE-2022-34484 | P3 | HIGH | CVSS 8.8 | fixed in firefox 102.0-1 (sid) | 2022
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Scope: local
debian
CVE-2023-6873 | P3 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.
Scope: local; sid: resolved (fixed in 121.0-1)
debian
CVE-2022-42928 | P3 | HIGH | CVSS 8.8 | fixed in firefox 106.0-1 (sid) | 2022
Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
Scope: local; sid: resolved (fixed in 106.0-1)
debian
CVE-2022-2505 | P3 | HIGH | CVSS 8.8 | fixed in firefox 103.0-1 (sid) | 2022
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
Scope: local; sid: resolv
debian
CVE-2023-25732 | P3 | HIGH | CVSS 8.8 | fixed in firefox 110.0-1 (sid) | 2023
When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Scope: local; sid: resolved (fixed in 110.0-1)
debian
CVE-2023-29539 | P3 | HIGH | CVSS 8.8 | fixed in firefox 112.0-1 (sid) | 2023
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, an
debian
CVE-2022-46878 | P3 | HIGH | CVSS 8.8 | fixed in firefox 108.0-1 (sid) | 2022
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6
debian
CVE-2022-34483 | P3 | HIGH | CVSS 8.8 | fixed in firefox 102.0-1 (sid) | 2022
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102.
Scope: local; si
debian
CVE-2022-34482 | P3 | HIGH | CVSS 8.8 | fixed in firefox 102.0-1 (sid) | 2022
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102.
Scope: local; si
debian
CVE-2022-45421 | P3 | HIGH | CVSS 8.8 | fixed in firefox 107.0-1 (sid) | 2022
Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Scope: l
debian
CVE-2022-46873 | P3 | HIGH | CVSS 8.8 | fixed in firefox 108.0-1 (sid) | 2022
Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108.
Scope: local; si
debian